Tuesday, December 20, 2016

27 Chinese Hackers Profiled

Hackers rely on information sharing and collaboration, and a large community of Chinese coders is doing just that: exchanging ideas and tools, and sharing software development. This week, Wapack Labs published a study of 27 of the most active Chinese coders, revealing some common characteristics of this community:
  • These coders are not lone hackers. They are mostly employed in major corporations or network security entities. These include Alibaba, Tencent, and Huawei, and the security entities KnownSec, Keen Team, and Evil Octal.
  • They are not anonymous. Real names were found for 18 of the 27 coders studied.
  • Many are well known in China and abroad. Several of those studied had more than 400 followers, and one had about 1,800.
  • Many contribute regularly; several updated ideas and code more than 200 times over a one-year period.
In addition, the white-hat posture taken by these coders appears to have been accepted so far by the Chinese government. This community does not appear to fear government suppression of the kind seen in the shutdown of the Wooyun vulnerability-hunter website earlier this year.

Publication Date: 8 December 2016
Handling Requirements: Traffic light protocol (TLP) AMBER
Attribution/Threat Actors: Criminal or state actors who are organized, highly technical, proficient, well-funded professionals working in teams to discover new vulnerabilities and develop exploits.
Actor Type: Adversary capabilities have been assessed as Tier IV
Industries Targeted: Multi-industry targets/International
Past Reporting: The full reports may be viewed in Red Sky Alliance as DOC-2098, DOC-4350, and comment-7187.  Contact Wapack Labs for more information.